[Freeipa-users] Installation issues with sub-ca.
Andrea Bontempi
abontempi at dbmsrl.com
Wed Nov 13 10:54:43 UTC 2013
Ok, this is funny:
-----------------------------------------------------------------------------------------------------
[root at dbm13 ca_rotta]# certutil -d sql:[nss db] -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> rsa [hidden] ipa-ca-agent
-----------------------------------------------------------------------------------------------------
The sub-ca doesn't have the private key. This is ridiculous... FreeIPA gave me the CSR...
When i try to validate "ipa-ca-agent" with certutil i get this error:
"Peer's certificate issuer is not recognized"
(obvious if the certificate issuer does not have the private key)
Andrea Bontempi
More information about the Freeipa-users
mailing list